Dynamic forward security - openssh

This is a discussion on Dynamic forward security - openssh ; Hello,
I have a question regarding the dynamic port forward feature of ssh. I
quite often use this feature to use mail and web over unsecure
networks.
Now, my question is, if the remote end with ssh should be compromised,
...

Dynamic forward security

Hello,

I have a question regarding the dynamic port forward feature of ssh. I
quite often use this feature to use mail and web over unsecure
networks.

Now, my question is, if the remote end with ssh should be compromised,
is theoretically any way to go over the open ssh connection to access
the client side of the computer, by using a buffer overflow or bug in
ssh to execute code or access the local network. Can sshd initiate
connections the opposite way in such a configuration or is it only ssh
that initiates all connections to the sshd endpoint?

Since this tunnel can be open for quite some time, it could be a
possible way back into the client system, or am i just too paranoid?